exploit the possibilities
Showing 1 - 20 of 20 RSS Feed

Files Date: 2014-09-12

Debian Security Advisory 3024-1
Posted Sep 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3024-1 - Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal encryption subkeys.

tags | advisory
systems | linux, debian
advisories | CVE-2014-5270
MD5 | a6348280990a326c7f48b6f413f68a4d
Debian Security Advisory 3023-1
Posted Sep 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3023-1 - Jared Mauch reported a denial of service flaw in the way BIND, a DNS server, handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2014-0591
MD5 | 1f5c7fd24fb609e0aaadce61a09c550b
Rooted SSH/SFTP Daemon Default Login Credentials
Posted Sep 12, 2014
Authored by Larry W. Cashdollar

Rooted SSH/SFTP Daemon installs with static default root credentials and does not prompt the user to change them.

tags | exploit, root
MD5 | 9b9a609366a7eeab3584d0f5eec6842a
Joomla Spider Form Maker 3.4 SQL Injection
Posted Sep 12, 2014
Authored by Claudio Viviani

Joomla Spider Form Maker versions 3.4 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e2202e03c057020b75ef997c9373d8d2
Food Order Portal 8.3 Cross Site Request Forgery
Posted Sep 12, 2014
Authored by KnocKout

Food Order Portal version 8.3 suffers from a cross site request forgery vulnerability. Note that this finding houses site-specific data.

tags | exploit, csrf
MD5 | 08010690ff0dea54213f48ea5a348467
WordPress Photo Album Plus 5.4.4 Cross Site Scripting
Posted Sep 12, 2014
Authored by Milhouse

WordPress Photo Album plugin versions 5.4.3 through 5.4.4 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 38ef0295efcac0c3913ba025dcf38269
Travel Portal II 6.0 Cross Site Request Forgery
Posted Sep 12, 2014
Authored by KnocKout

Travel Portal II version 6.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 3cdf90accb7a7f2859a8d589d0881c0b
HttpFileServer 2.3.x Remote Command Execution
Posted Sep 12, 2014
Authored by Daniele Linguaglossa

HttpFileServer version 2.3.x suffers from a remote command execution vulnerability due to a poorly formed regex.

tags | exploit, remote
advisories | CVE-2014-6287
MD5 | 9b2b6d778970810eb03014f6c29ad18c
Packet Fence 4.4.0
Posted Sep 12, 2014
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This release adds many bugfixes and enhancements.
tags | tool, remote
systems | unix
MD5 | 279dcfbfcf908d1875a48890931f177c
Railo 4.2.1 Remote File Inclusion
Posted Sep 12, 2014
Authored by drone, Brandon Perry | Site metasploit.com

This Metasploit module exploits a remote file include vulnerability in Railo, tested against version 4.2.1. First, a call using a vulnerable cffile line in thumbnail.cfm allows an attacker to download an arbitrary PNG file. By appending a .cfm, and taking advantage of a directory traversal, an attacker can append cold fusion markup to the PNG file, and have it interpreted by the server. This is used to stage and execute a fully-fledged payload.

tags | exploit, remote, arbitrary
advisories | CVE-2014-5468
MD5 | 2287ef968db5103fca3148412e85213b
ManageEngine Eventlog Analyzer Arbitrary File Upload
Posted Sep 12, 2014
Authored by h0ng10 | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in ManageEngine Eventlog Analyzer. The vulnerability exists in the agentUpload servlet which accepts unauthenticated file uploads and handles zip file contents in a insecure way. By combining both weaknesses a remote attacker can achieve remote code execution. This Metasploit module has been tested successfully on versions v7.0 - v9.9 b9002 in Windows and Linux. Versions between 7.0 and < 8.1 are only exploitable via EAR deployment in the JBoss server, while versions 8.1+ are only exploitable via a JSP upload.

tags | exploit, remote, code execution, file upload
systems | linux, windows
advisories | CVE-2014-6037
MD5 | 8b051d5cd2483e4cadda4747053a23e2
SolarWinds Storage Manager Authentication Bypass
Posted Sep 12, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in Solarwinds Storage Manager. The vulnerability exists in the AuthenticationFilter, which allows to bypass authentication with specially crafted URLs. After bypassing authentication, is possible to use a file upload function to achieve remote code execution. This Metasploit module has been tested successfully in Solarwinds Store Manager Server 5.1.0 and 5.7.1 on Windows 32 bits, Windows 64 bits and Linux 64 bits operating systems.

tags | exploit, remote, code execution, bypass, file upload
systems | linux, windows
MD5 | 5e9d54bbc0c3892de9affde657fd7a34
Lynis Auditing Tool 1.6.1
Posted Sep 12, 2014
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Added --pentest parameter to run a non-privileged scans (e.g. for pentesting). Improved vulnerable packages test on Debian based systems (apt-check). Various other changes and improvements.
tags | tool, scanner
systems | unix
MD5 | 9f90a01eb24bd398bdefb997011bb79c
ChatSecure IM 2.2.4 Script Insertion
Posted Sep 12, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

ChatSecure IM version 2.2.4 suffers from a script insertion vulnerability.

tags | exploit
MD5 | 0e250344fe00aae12875e45b2f7eaa98
Photorange 1.0 Local File Inclusion
Posted Sep 12, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Photorange version 1.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 7567bc0a3d513795c895a8da95320548
SWBI 2015 Call For Papers
Posted Sep 12, 2014
Site sdiwc.net

The International Conference on Semantic Web Business and Innovation (SWBI2015) has announced it's call for participation. It will be held at the University of Applied Sciences and Arts Western Switzerland October 7th through the 9th, 2015.

tags | paper, web, conference
MD5 | 5116a07cd111ee79e8ffd1fab068ffd8
Red Hat Security Advisory 2014-1186-01
Posted Sep 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1186-01 - The katello-configure package provides the katello-configure script, which configures the Katello installation, and the katello-upgrade script, which handles upgrades between versions. It was discovered that the default configuration of Elasticsearch enabled dynamic scripting, allowing a remote attacker to execute arbitrary MVEL expressions and Java code via the source parameter passed to _search. All Subscription Asset Manager users are advised to upgrade to this updated package. The update provides a script that modifies the elasticsearch.yml configuration file to disable dynamic scripting. After updating, run the "katello-configure" command. This will update the elasticsearch.yml configuration file and restart the elasticsearch service.

tags | advisory, java, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-3120
MD5 | c6a831c06a6ab0de39c8455dd3a91f48
Red Hat Security Advisory 2014-1184-01
Posted Sep 12, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1184-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. The spacewalk-java packages contain the code for the Java version of the Spacewalk Web site. A stored cross-site scripting flaw was found in the way spacewalk-java displayed log files. By sending a specially crafted request to Satellite, a remote attacker could embed HTML content into the log file, allowing them to inject malicious content into the web page that is used to view that log file.

tags | advisory, java, remote, web, xss
systems | linux, redhat
advisories | CVE-2014-3595
MD5 | 07694908c01683e8303cfb4aec72606a
Ubuntu Security Notice USN-2330-1
Posted Sep 12, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2330-1 - Jan de Mooij, Christian Holler, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman and JW Wang discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Abhishek Arya discovered a use-after-free during DOM interactions with SVG. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1553, CVE-2014-1562, CVE-2014-1563, CVE-2014-1564, CVE-2014-1565, CVE-2014-1567
MD5 | 77c400fc162cfc49643ef5797ee0d599
VMware Security Advisory 2014-0009
Posted Sep 12, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0009 - VMware NSX and vCloud Networking and Security (vCNS) product updates address a vulnerability that could lead to critical information disclosure.

tags | advisory, info disclosure
advisories | CVE-2014-3796
MD5 | e29ff151d6c7e371f8880d091a91bd9e
Page 1 of 1
Back1Next

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    10 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    2 Files
  • 19
    Aug 19th
    18 Files
  • 20
    Aug 20th
    19 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close